
Selectively performing man in the middle decryption

  • US 9,148,407 B2
  • Filed: 04/08/2015
  • Issued: 09/29/2015
  • Est. Priority Date: 05/08/2013
  • Status: Active Grant
First Claim

1. A method performed by data processing apparatus, the method comprising:

  • receiving, by an agent on a device within a network, a request to access a resource outside the network;

    establishing, by the agent, a first encrypted connection between the device and the agent such that the agent is configured to act as a proxy of the resource to the device;

    establishing, by the agent, a second encrypted connection between the agent and the resource such that the agent is configured to act as a proxy of the device to the resource;

    sending, by the agent in response to receiving the request to access the resource, a policy request to a network appliance within the network, the request specifying the resource;

    receiving, by the agent and from the network appliance, a policy response indicating that the resource is associated with one or more security policies of the network;

    decrypting and selectively inspecting, by the agent, encrypted communication traffic from the device and addressed to the resource, depending on the security policies;

    decrypting and selectively inspecting, by the agent, encrypted communication traffic from the resource and addressed to the device, depending on the security policies;

    receiving, by the agent, a second request to access a second resource outside the network;

    determining that the second resource is on a whitelist that lists resources for which man-in-the-middle analysis should not apply; and

    causing the establishment, responsive to determining that the second resource is on the whitelist, of a third encrypted connection between the device and the second resource to facilitate encrypted communication traffic between the device and the second resource;

    wherein the first, the second, and the third encrypted connections are separate and have different formats.
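The claim above describes a procedure rather than an implementation: the agent learns which resource the device wants, asks an in-network policy appliance about it, and then either terminates TLS on both sides (the first and second connections) or, for whitelisted resources, lets a single end-to-end connection through (the third connection). The example below is an added illustration, not code from the patent or its assignee. It shows the decision step only: it parses the Server Name Indication out of a TLS ClientHello, queries a stand-in policy appliance, and returns whether the agent should intercept or bypass. The `PolicyAppliance` class, the policy names, the hostnames and the ClientHello bytes are all constructed here for the example; a real agent would additionally need a TLS-terminating proxy with a CA trusted by the device, which is out of scope.

```python
import struct
from dataclasses import dataclass


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS ClientHello record carrying an SNI extension.
    Used only to produce sample input offline; not captured traffic."""
    name = server_name.encode("ascii")
    sn_entry = b"\x00" + struct.pack("!H", len(name)) + name        # host_name entry
    sn_list = struct.pack("!H", len(sn_entry)) + sn_entry
    ext = struct.pack("!HH", 0x0000, len(sn_list)) + sn_list          # extension type 0 = server_name
    extensions = struct.pack("!H", len(ext)) + ext
    body = (
        b"\x03\x03" + bytes(32)          # client_version + random
        + b"\x00"                         # session_id length 0
        + b"\x00\x02\x13\x01"             # one cipher suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                     # one compression method: null
        + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body      # type 1, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Return the host_name from the ClientHello's server_name extension, or None.
    Every length is bounds-checked so truncated or hostile input cannot raise."""
    if len(record) < 5 or record[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                   # skip version and random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                           # session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                           # compression_methods
    if len(body) < pos + 2:
        return None                                # no extensions block
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= min(end, len(body)):
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        if etype == 0 and len(edata) >= 5 and edata[2] == 0:   # ServerNameList, host_name
            name_len = struct.unpack("!H", edata[3:5])[0]
            return edata[5:5 + name_len].decode("ascii", "replace")
    return None


@dataclass(frozen=True)
class PolicyResponse:
    action: str          # "bypass" -> single end-to-end connection; "intercept" -> two connections
    policies: tuple      # security policies the agent must apply when intercepting


class PolicyAppliance:
    """Stand-in for the in-network appliance the claim queries (hypothetical)."""

    def __init__(self, whitelist, policies_by_domain, default_policies):
        self.whitelist = {h.lower() for h in whitelist}
        self.policies_by_domain = {d.lower(): tuple(p) for d, p in policies_by_domain.items()}
        self.default_policies = tuple(default_policies)

    def lookup(self, host: str) -> PolicyResponse:
        host = host.lower().rstrip(".")
        labels = host.split(".")
        # Design choice: a whitelist entry also covers its subdomains.
        for i in range(len(labels)):
            if ".".join(labels[i:]) in self.whitelist:
                return PolicyResponse("bypass", ())
        for i in range(len(labels)):
            hit = self.policies_by_domain.get(".".join(labels[i:]))
            if hit is not None:
                return PolicyResponse("intercept", hit)
        return PolicyResponse("intercept", self.default_policies)


# Constructed policy set for the example (hypothetical names).
APPLIANCE = PolicyAppliance(
    whitelist=["bank.example", "health.example"],
    policies_by_domain={"example.net": ["dlp-upload-scan", "malware-scan"]},
    default_policies=["malware-scan"],
)


def decide(appliance: PolicyAppliance, client_hello: bytes) -> dict:
    """Agent-side decision for one new connection. A ClientHello without SNI
    cannot be matched against the whitelist, so it falls through to interception
    under the default policies rather than being silently bypassed."""
    host = extract_sni(client_hello)
    if host is None:
        resp = PolicyResponse("intercept", appliance.default_policies)
    else:
        resp = appliance.lookup(host)
    return {"host": host, "action": resp.action, "policies": resp.policies,
            "connections": 1 if resp.action == "bypass" else 2}


if __name__ == "__main__":
    for h in ("login.bank.example", "files.example.net", "www.example.org"):
        print(h, decide(APPLIANCE, build_client_hello(h)))
```

One caveat that follows from the design: the SNI is sent by the device and is not authenticated, so on the bypass path the agent has only the client's word that the destination is the whitelisted resource. A deployment that relies on this bypass should tie the decision to something it can verify as well, such as the resolved destination address or the server certificate presented on the pass-through connection.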

  • 7 Assignments